Exploitdb Exploits
31,344 exploits tracked across all sources.
Htmlcoderhelper Com Graphics - Path Traversal
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by wishnusakti + inc0mp13te
Instantrankingseo Infocus Real Estate - SQL Injection
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by Sid3^effects
i-Net Online Community - Cross-Site Scripting / Authentication Bypass
by Sid3^effects
Helpcenterlive Hcl - Path Traversal
Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.
by 41.w4r10r
Freerealty.rwcinc Free Realty - SQL Injection
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
by Sid3^effects
Clscript Classifieds Script - SQL Injection
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
by 41.w4r10
Boutique SudBox 1.2 - Cross-Site Request Forgery (Change Login and Password)
by indoushka
2daybiz Auction Script - SQL Injection
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
by Sid3^effects
memcached < 1.4.3 - Denial of Service via Long Line Input
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
by fallenpegasus
Linux kernel <2.6.34-rc5 - DoS
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
by Toshiyuki Okajima
CVSS 7.0
2daybiz Polls Script - Cross-Site Scripting via Category Parameter or Search Field
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
by Sid3^effects
Openmairie Opencourrier - Path Traversal
Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information.
by cr4wl3r
Uiga Personal Portal - SQL Injection
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party information.
by 41.w4r10r
PostNuke 0.764 - SQL Injection via News Article modload sid Parameter
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
by BILGE_KAGAN
Openmairie Opencourrier - Code Injection
Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information.
by cr4wl3r
Openmairie Opencominterne - Path Traversal
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
Kasseler-cms Kasseler Cms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
by indoushka
Kasseler CMS 2.0.5 - 'index.php' Cross-Site Scripting
by indoushka
Joomla Com Joomradio - SQL Injection
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
by Mr.tro0oqy
Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities
by Richard Moore
CMScout 2.0.8 - SQL Injection via Album Parameter
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
by Dr.0rYX & Cr3W-DZ
2daybiz Polls Script - SQL Injection
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
by Sid3^effects